This article is written by DGC Principal and IT Risk Assurance & Advisory practice leader Nick DeLena, CISSP, CISA, CRISC, CDPSE and is featured in the Greater Boston Chamber of Commerce's blog. Nick is a frequent contributor to industry and trade publications on topics such as cybersecurity, third-party risk, and regulatory compliance, among others. His experience enables him to make recommendations that are realistic and feasible to implement.
Technologies like widespread high-speed internet, cloud-based Software as a Service (SaaS) technologies, and collaboration tools like Zoom and Microsoft Teams allowed many businesses to adapt quickly when the pandemic hit. However, other, often older technologies and architectures hamstrung organizations because they were originally designed to protect users inside offices behind firewalls, and those users were no longer physically there. As a result, we saw what some have called a "cyber pandemic" that ran in parallel with the real one: a massive uptick in ransomware attacks, with the FBI reporting complaints about cybercrime jumping by 1 million over the prior year.
Insurance carriers are feeling the effects acutely. According to Fitch Ratings, the average paid loss for a standalone cyber claim jumped from $145,000 in 2019 to $358,000 in 2020. Cyber insurance profitability, as a result, has plummeted, forcing carriers to raise premiums and increase underwriting standards for companies that are up for renewal.
In the last few weeks, DGC spoke with many organizations that were denied cyber insurance renewal. Here are some first-hand situations that they experienced, and steps DGC’s IT Risk team recommends you take to avoid this happening to you:
If you are facing denial or non-renewal, we recommend starting with a self-assessment using a leading framework. The exercise will identify numerous gaps, which can then be prioritized based on each action's ability to reduce your organization's overall risk. Tackling these challenges proactively can help avoid or mitigate insurance surprises or, worse yet, a ransomware outbreak that could cripple your business.
If you need to submit a business interruption claim due to a cyberattack, managing the claim and calculating the amount of lost income is itself a formidable and complex task. It is critical that your claim is prepared and supported properly to ensure that you recover your losses in a timely manner. DGC has prepared a Business Interruption Insurance Claim Checklist that details the steps that should be taken when filing a claim.